Senior Consultant: SAP Application Security Specialist

Audit and Enterprise Risk Services
Technology Risk: Security and Privacy Services
Senior Consultant: SAP Application Security Specialist
 
Security, privacy, and operational resilience are critical issues facing both public and private organizations today. Deloitte's Security & Privacy (S&P) services help organizations in their management of information and technology risks by delivering end-to-end solutions, using proven methodologies and tools in a consistent manner. Our services help organizations address timely and pervasive issues such as identity theft, data security breaches, data leakage, cyber security, and system outages across organizations of various sizes and industries, with the goal of enabling ongoing, secure, and reliable operations across the enterprise.
 
Application Integrity- To make decisions confidently and seize new opportunities, organizations need to rely on the integrity of their business processes, systems and applications to provide accurate, timely
information. New Web-enabled solutions and capabilities, such as portals and exchanges, are continuously being built for a variety of electronic uses for nearly every industry. Our Application Integrity Services helps clients protect the software applications that support these initiatives. With stronger application integrity, you can reduce or eliminate operational disruptions and their associated costs, enabling them to make accurate data available to your business partners and customers, helping you be competitive. We are currently looking for professionals to join our growing Application Integrity team that have SAP application security implementation and control design experience.
 
Job Duties:
- Assess clients' security and control readiness and provide appropriate security assistance.
- Demonstrate advanced understanding of business processes, internal control risk management, IT controls and related standards
- Identify and evaluate complex business and technology risks,
internal controls which mitigate risks, and related opportunities for internal control improvement
- Understand complex business and information technology management processes
- Execute advanced services and supervise staff in delivering basic services
- Assist in the selection and tailoring of approaches, methods and tools to support service offering or industry projects
- Understand clients' business environment and basic risk management approaches
- Demonstrate a general knowledge of market trends, competitor activities, Deloitte & Touche products and service lines
- Actively participate in decision making with engagement management and seek to understand the broader impact of current decisions
- Generate innovative ideas and challenge the status quo
- Build and nurture positive working relationships with clients with the intention to exceed client expectations
- Facilitate use of technology-based tools or methodologies to review, design
and/or implement products and services
- Identify opportunities to improve engagement profitability
- Participate in and actively support mentoring relationships within practice
- Excellent potential for 1) playing lead role in designated tasks of the project team in gathering, organizing and analyzing data; 2) making major contributions in assuring products/deliverables meet contract/work plan and; 3) strong potential for growth and acceptance of additional responsibilities

Qualifications:
- 4+ years experience in SAP ECC or R/3 application security controls design and implementation.
- Experience with compliance solutions and compliance products such as, SAP GRC Access Controls (Risk analysis and remediation, Super User Privilege Management, Compliant User Provisioning, Enterprise Role Management) or Approva BizRights (Authorization Insights, GCC Insights, User Activity Insights, Process Insights) is highly preferred.
- Experience with security design and
configuration with the following:
* SAP HR module
* NetWeaver 2004 or 2004's applications, including Business Intelligence (BI) / Business Warehouse (BW), Enterprise Portal (EP), Master Data Management (MDM), and Process Integration (PI) / Exchange Infrastructure (XI);
* mySAP applications including Customer Relationship Management (CRM), Supply Chain Management (SCM), and Supplier Relationship Management (SRM)
* SAP data objects.
- Knowledge and understanding SAP administration and maintenance.
- Prior systems audit, assurance, and/or ERP implementation experience
- Strong background in the following:
* Controls re-engineering
* Segregation of duty concerns with respect to application security implementation
* Application security implementation 
* Distributed system administration and recovery
* Database administration
* Security auditing techniques
* Computer control environments
* ERP control implementation in medium to large computer
environments
* Operating systems 
* Access control software
- Prior consulting or Big 4 experience is preferred
- BA/BS Degree in Business Administration, Computer Science,  Finance, Accounting, or Information Systems
- CISA, CISSP, and/or applicable package certification preferred.
- Open to travel requirements 


About Deloitte

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Deloitte LLP and its subsidiaries are equal opportunity employers.

Disclaimer: If you are not reviewing this job posting on our Careers’ site (careers.deloitte.com) or one of our approved job boards, we cannot guarantee the validity of this posting. For a list of our current postings, please visit us at careers.deloitte.com.